SY0-501 Real Exam Dumps Questions and answers 51-60


Question No.51

An organization is using a tool to perform a source code review. Which of the following describes the case in which the tool incorrectly identifies the vulnerability?

  1. False negative

  2. True negative

  3. False positive

  4. True positive

Correct Answer: C

Question No.52

Multiple employees receive an email with a malicious attachment that begins to encrypt their hard drives and mapped shares on their devices when it is opened. The network and security teams perform the following actions:


Shut down all network shares.

Run an email search identifying all employees who received the malicious message.

Reimage all devices belonging to users who opened the attachment.

Next, the teams want to re-enable the network shares. Which of the following BEST describes this phase of the incident response process?

  1. Eradication

  2. Containment

  3. Recovery

  4. Lessons learned

Correct Answer: C

Question No.53

As part of a new industry regulation, companies are required to utilize secure, standardized OS settings. A technician must ensure the OS settings are hardened. Which of the following is the BEST way to do this?

  1. Use a vulnerability scanner.

  2. Use a configuration compliance scanner.

  3. Use a passive, in-line scanner.

  4. Use a protocol analyzer.

Correct Answer: B

Question No.54

A security analyst is reviewing the following output from an IPS:


Given this output, which of the following can be concluded? (Select two.)

  1. The source IP of the attack is coming from

  2. The source IP of the attack is coming from

  3. The attacker sent a malformed IGAP packet, triggering the alert.

  4. The attacker sent a malformed TCP packet, triggering the alert.

  5. The TTL value is outside of the expected range, triggering the alert.

Correct Answer: BC

Question No.55


A security administrator is given the security and availability profiles for servers that are being deployed.

Match each RAID type with the correct configuration and MINIMUM number of drives.

Review the server profiles and match them with the appropriate RAID type based on integrity, availability, I/O, storage requirements.


All drive definitions can be dragged as many times as necessary. Not all placeholders may be filled in the RAID configuration boxes.

If parity is required, please select the appropriate number of parity checkboxes. Server profiles may be dragged only once.


If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.


Correct Answer:


Question No.56

An organization has determined it can tolerate a maximum of three hours of downtime. Which of the following has been specified?

  1. RTO

  2. RPO

  3. MTBF

  4. MTTR

Correct Answer: A

Question No.57

A security consultant discovers that an organization is using the PCL protocol to print documents, utilizing the default driver and print settings. Which of the following is the MOST likely risk in this situation?

  1. An attacker can access and change the printer configuration.

  2. SNMP data leaving the printer will not be properly encrypted.

  3. An MITM attack can reveal sensitive information.

  4. An attacker can easily inject malicious code into the printer firmware.

  5. Attackers can use the PCL protocol to bypass the firewall of client computers.

Correct Answer: B

Question No.58

Which of the following attacks specifically impact data availability?

  1. DDoS

  2. Trojan

  3. MITM

  4. Rootkit

Correct Answer: A

Question No.59

Which of the following is an important step to take BEFORE moving any installation packages from a test environment to production?

  1. Roll back changes in the test environment

  2. Verify the hashes of files

  3. Archive and compress the files

  4. Update the secure baseline

Correct Answer: B

Question No.60

An auditor wants to test the security posture of an organization by running a tool that will display the following:


Which of the following commands should be used?

  1. nbtstat

  2. nc

  3. arp

  4. ipconfig

Correct Answer: A
